<html>
<body>
    <p>Frame on a foreign domain (opened using window.open).</p>
    <iframe name='aFrame' id="aFrame"></iframe>
    <script>
        var url = "javascript:\"<html>"
            + "<head>"
            +     "<scr" + "ipt>"
            +         "window.onload = function()"
            +         "{"
            +             "try {"
            +                 "parent.opener.document.getElementById('accessMe').innerHTML = 'FAIL: Cross frame access from a javascript: URL on a different domain was allowed';"
            +             "} catch(e) {"
            +             "}"
            +             "parent.opener.postMessage('done', '*');"
            +         "}"
            +     "</scr" + "ipt>"
            + "</head>"
            + "<body>"
            +     "<p>Inner-inner iframe. This iframe (which is javascript: URL and whose parent is on a foreign domain) is the frame attempting to access"
            +     " the main frame.  It should not have access to it.</p>"
            + "</body>"
            + "</html>\"";

        var frame = document.getElementById('aFrame');
        frame.src = url;
    </script>
</body>
</html>
